Data leakage prevention tools become more popular
Another angle on preventing insider data breaches is being pursued via the use of so-called DLP (data leakage prevention) tools.
At WebEx, the well-known online conferencing applications vendor, Security Engineering and Operations Manager Mike Machado said that the company is using advanced DLP technologies made by Reconnex to ensure that workers aren't walking out of the building with the company's next big idea.
"Up until now, we didn't have anything in place that could capture everything that goes over the wire, but the ability to use technology do to do this type of testing, versus doing sampling in the past, has given us a much clearer picture of where data is going on the network and who is touching it," Machado said.
"Most of the incidents we find today are people unaware of policies, it's only occasionally that we find something malicious, but typically the result is a simple behavior discussion, and that's helping people expand their own understanding of what they should or shouldn't do," he said.
Another advantage to using DLP to keep an eye on all the data being transmitted out of WebEx's network is that the tools serve as another proof point to show external auditors when those groups are testing to see if the firm is employing comprehensive information protection.
Perhaps the best use case for the technology yet, however, is when WebEx used the tools to catch an employee attempting to participate in a malware-distribution ring.
In addition to joining sides with the malware gang, the employee had also agreed to allow the group to use excess WebEx network capacity to harbor potential attacks -- a problem that would have reflected poorly on the entire company if it were discovered and publicized, said the expert.
"It's taught us that a lot that goes on that we know didn't about and verified things we suspected. Overall, it's been a valuable tool for detecting problems and putting us in position to prevent bigger problem down the road," Machado said. "In the rare case we find something to investigate, the technology gives us a much more credible case."
The tools have also proven useful for helping the WebEx 's IT security team closer ties with the company's traditional security unit, which has helped the firm coordinate efforts to look for suspicious employee user behavior and policy violations.